Connect with us

Finance

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Published

on

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST

 

Top executives from Wall Street’s largest banks pinpointed cybersecurity as the greatest threat to America’s financial system, at a Congressional hearing that took place in May.

The concern of financial industry leaders with cyber-attacks is neither surprising, nor new. The attraction of cybercriminals to banks and other financial institutions makes sense, given the fact that the financial sector functions as gatekeepers – not just of financial assets, but also of valuable Personally identifiable information (PII).

Threat actors are attracted to attack financial institutions to earn a profit through increasingly sophisticated attacks that range from ransomware attacks to identity theft. But while the threat continues to grow, there is much that can be done to mitigate the risks.

 

The Downsides of Digital Banking

The number of attacks on financial institutions increased sharply in the last two years due to the upheavals wrought by COVID-19, which prompted a dramatic rise in the number of online transactions.

With so much of today’s financial transactions done on both web and mobile devices, threat actors have more opportunities than ever before. Take, for example, the growing importance of Man in the Middle (MITM) Attacks, which impersonate another party online and give criminals access to personal data, passwords, and banking details.

With the widespread adoption of digital banking, consumers have become increasingly worried about cyber-attack. As a result, there’s growing demand to create better consumer protection laws that respond to the rapidly evolving technology. The U.S. Federal Trade Commission (FTC), for example, recently strengthened security safeguards for consumer financial information.

 

It’s Not “Just” About the Money

Financial organizations are at risk not just from threat actors looking for profit, but also from nation-states and hacktivists acting out of idealistic motives or as a means of achieving specific political ends.

The most famous examples of this type of attack include Russia’s 2016 attack on Ukraine’s electric grid and North Korea’s 2017 attack on Britain’s National Health Service.

Because of the extent of the damage that this type of attack could cause, NATO established cyberspace as the “fifth domain of warfare” in 2016. It developed a definition of when foreign factions are banned from attacking financial institutions, due to the fear that this type of attack could directly lead to a country’s destabilization.

 

Recognizing Risk Factors

The digital transformation of financial services helps banks and other financial institutions provide more a more convenient customer experience.

And while significant customer demand has led many banks to implement changes such as the transition from legacy to cloud-based solutions, these shifts also have the potential to create additional security risks.

For example, if we’re talking specifically about cloud migration, there’s need for additional security layers to protect organizations working with public cloud providers from the range of attacks targeting the financial sector: ransomware, account takeover, data theft and manipulation, phishing attacks, identity theft, and more.

Another example is the extensive use of third-party vendors, which has increased the risk of attack for organizations in the financial sector. Because third-party vendors enlarge the attack surface, they create more entry points to the system and make it harder to protect customer data.

 

Accelerating Detection & Response

By adopting an agile approach that supports continuous improvement, financial organizations can facilitate proactive identification of evolving threats and vulnerabilities in the wild. More specifically, by placing an emphasis on use case optimization – which starts by mapping out an organization’s threat detection gaps to a framework such as MITRE ATT&CK – enterprises can prioritize threats and invest their time and resources in mitigating risk more effectively.

For organizations transitioning to the cloud, what’s key is managing the migration process in a way that provides optimal visibility in the cloud and supports ongoing optimization at the enterprise level. Digital playbooks are a crucial tool in providing improved detection and response, creating automated or guided responses that allow faster, more effective, collaborative action.

The development and regular review of incident response plans similarly allows for efficient response in emergency situations and helps reduce the business impact of cyber-attacks.

 

Targeted Threat Intelligence

Threat intelligence that’s tailored to the financial services sector is another key component of timely detection and response. By working with expert Cyber Threat Intelligence (CTI) services, organizations can obtain up-to-date information about industry-specific threats in real time – information that is a highly valuable tool in strengthening the defense of an enterprise.

 

Cyber Hygiene

Employees make mistakes; after all, it’s only human. But these errors can lead to massive data breaches. For example, when someone clicks on a phishing email or leaves passwords for a company computer on a slip of paper that’s easily seen by the wrong person, the damage can be astronomical.

Providing regular cybersecurity training programs for employees can help minimize the risk of an accidental or careless action leading to cyber-attack. To be effective, training programs should not only explain how to spot cybersecurity risks like phishing emails but should also discuss how and where it’s safe to access company information.

Aside from employee training, there are fundamental cybersecurity-related decisions that should be implemented at the enterprise level such as Zero Trust, DevSecOps, and multi-factor authentication (MFA). From a policy perspective, for example, it’s crucial to enforce MFA for all applications. Moreover, technology-related vulnerabilities can be minimized through frequent patching and updates for systems. Audits, as well as vulnerability and penetration tests, must be conducted regularly.

 

For the Financial Sector, “Best Practices” are Key

With the growth in number and complexity of cybersecurity attacks on financial organizations and the increased risk of nation-state attacks, proactively approaching the question of cybersecurity and implementing “best practices” makes the difference in reducing the degree of risk to an enterprise.

By modernizing the SOC with a carefully navigated migration to the cloud, adopting continuous improvement of use cases and the development of digital playbooks that improve detection and response – as well as by leveraging targeted threat intelligence and maintaining strong cyber hygiene – enterprises can put themselves in a stronger position to minimize the potential business impact of a cyber-attack on their organizations.

 

Business

The Evolution and Challenges of Crypto Regulation

Published

on

By

CRACKING THE CRYPTO CODE

Cryptocurrency regulations are evolving quickly around the globe with authorities responding to developing risks professed by criminals exploiting the latest payment methods to mask and launder the profits from their crimes.

According to William Je Founder & CEO, Hamilton Investment Management Ltd, this has warranted the introduction of a more stringent level of due diligence by additional bodies to introduce preventative measures.

William Je Founder & CEO, Hamilton Investment Management Ltd explains: “The past ten years has seen several structural changes in Know Your Customer (KYC) and anti-money laundering (AML) regulations in both Europe and across the world. High-profile money laundering cases and the penetration of illegal monies into global markets have caught the attention of regulators.

“As regulators improve their understanding of these criminal practices, AML requirements have also been improved. However, these improvements have been a reactive process.”

To address the challenges of the blockchain ecosystem, the European Union has started to introduce financial regulations that further bolster the regulatory system in order to improve licensing models. Many member states are regulating crypto assets individually, and Germany is leading the way in being the first to regulate.

Je continues: “These national driven regulations clearly point to a future pathway for crypto companies, outlining the requirements for obtaining and maintaining a financial license from the regulator.

“Compliance, however, is to my mind essential as it not only boosts investor confidence but adds a necessary layer of protection to investors.”

As crypto evolves, so have regulatory bodies’ efforts to monitor, address and enforce restrictions. The most prominent is the Financial Action Task Force (FATF), which details guidance and determines best practices in anti-money-laundering practices and combating the financing of terrorism.

FATF Recommendations number 16, better known as the ‘travel rule’, which requires businesses to collect and store the personal data of the originators and the beneficiaries in blockchain transactions, is the most notable.

Je concludes: “What does this mean? In theory, access to this data will enable authorities to have better oversight and enforcement of crypto market regulations. In other words, they’ll know exactly who is doing exactly what.

As we have always argued – transparency is key. We need to regulate crypto as an asset class with efficacy, which necessitates legislation that is applicable specifically to digital assets and does not hinder the market.

The criminal financial trade which arguably encompasses money laundering, illegal weapons sales, human trafficking, is also international. Thus, cracking down on it is, out of necessity, an international effort.

The decentralised nature of blockchain, which runs contrary to the central-server standard we know and use nearly everywhere, presents a formidable challenge here. Rules and regulations for traditional financial institutions are being implemented wholescale into the crypto sector. We believe that this is arguably wrong footed as it ignores the innovation and uniqueness this asset class and its underlying technology entails.

Traditional forms of regulation from the fiat world do not reciprocally apply to every aspect of crypto nor to the fundamental nature of blockchain technology. However well-intentioned they may be, because these imposed regulations are built on an old system, they must be adapted and modified.”

 

Continue Reading

Business

How bug bounty programs can help financial institutions be more secure

Published

on

By

Rodolphe Harand, Managing Director at YesWeHack

 

Financial services have been one of the most heavily targeted industries by cybercriminals for several years. One alarming stat from the Boston Consulting Group found these firms to be 300x as likely as other companies to be targeted by cyberattacks.

Furthermore, the pandemic has led to a significant increase in the number of cyberattacks targeting financial institutions (FIs), with around 74% experiencing a spike in threats linked to COVID-19.

With FIs holding some of the largest collections of sensitive and private data, it’s clear they will remain an attractive target for malicious actors, especially as any data stolen can be used for fraudulent activities. This leads to the reputational damage of the financial entity that was compromised and has a knock-on effect in terms of monetary and reputational damage to affected customers.

For CISOs at FIs, the conundrum faced is how do you protect intellectual and customer data, and ensure accountability and transparency for clients and stakeholders, at a time when the pandemic has created budget constraints. Research from BAE Systems found that last year alone, IT security, cybercrime as well as fraud and risk departments had their budgets cut by a third.

Below we look at how bug bounty programs can help to address these pressing issues.

 

Protecting valuable data

Protecting customer and intellectual data has always been a top priority for FIs. However, as opportunistic cybercriminals have a lot to gain by stealing this valuable data, there is a constant evolution of threats, which means FIs must stay on their toes. By deploying a bug bounty program, FIs can work with ethical hackers that have a wealth of experience and unique skills when it comes to identifying security weaknesses within a FI’s defence, thus helping to implement effective security measures to help prevent data breaches.

Building trust among various stakeholders such as customers, suppliers and investors is critical for achieving business goals. By deploying a bug bounty program, FIs send out a message that they care about protecting the security of the data of those they work with – which in turn can have a cascading effect resulting in better business performance.

 

Improving accountability  

For FIs to win customers and keep them happy, amidst the growing threat of neo banks and customer-centric fintech organisations, speed of innovation is crucial. As such, many FIs have adopted an agile approach to build, test, and release software faster to bring online and mobile banking solutions to market quicker. However, this can create frictions between development and security teams. Security mandates are deemed to be unnecessarily intrusive and a cause of delayed application development and deployment.

Yet, with DevOps teams needing to build and deploy applications faster than ever before, an epidemic of insecure applications has emerged. According to Osterman Research, 81% of developers admit to knowingly releasing vulnerable applications, while research from WhiteSource found 73% of developers are forced to cut corners and sacrifice security over speed.

With developers often not having the time, tools, skills, or motivation to write impeccably secure code, there is an evident need to provide developers with more support when it comes to building applications securely Fortunately, bug bounty programs can provide a “fact-based” financial implication of inherent security flaws within the process. This makes it possible to hold development teams and service providers accountable for creating or delivering insecure products, thus addressing inherent security gaps within the business units and helping to drive continuous improvement.

Moreover, security awareness and education of developments teams can be improved significantly for those developers that are directly involved with the management of vulnerability reports for their bug bounty programs. This is because, the mere fact of exchanging information with ethical hackers, or assimilating the thinking of a potential hacker and having proof of concepts of vulnerability exploitation on their application components, naturally accelerates consideration of security early in the development stage and provides ongoing learning.

 

Get more return on your investment

According to Gartner, 30% of CISOs effectiveness will be directly measured on their ability to create value for the business. When security budgets are challenged, CISOs need to demonstrate business value through initiatives designed to enhance efficiency whilst stretching the dollar.

This is where bug bounties can help tremendously. Compared to conventional penetration testing, bug bounty offers a fast, complete, and measurable return on your security investment, with businesses only paying out for successful discovery of vulnerabilities. Equally, businesses get access to hundreds of ethical hackers that can test their programs, each with their own unique skillsets as opposed to only one skilled researcher testing the network. This results-driven model ensures you pay for the vulnerabilities that pose a threat to your organisation and not for the time or effort it took to find them.

Bug bounty programs also deliver rapid vulnerability discovery across multiple attack surfaces. With this approach, organisations receive prioritised vulnerabilities and real-time remediation advice throughout the process to accelerate the discovery of, and solution to vulnerabilities.

Another appeal of bug bounties is that due to the continuous nature of testing, more vulnerabilities are found over time as opposed to pen-testing. This is key to financial institutions that require agility to keep up with the continuous roll-out and updates of applications.

 

The cornerstone to a successful security programme

The risk posed to financial institutions by cyber threats will only continue, as evidenced by the number of data breaches seen in recent times. The COVID-19 pandemic has only exacerbated these risks, especially with almost all FIs having needed to shift to a remote working environment – which has only widened the attack landscape.

For FIs, a bug bounty program should be considered a fundamental cornerstone of any security strategy, with it being a modern-day cybersecurity solution that is well-equipped to tackle the immediate security challenges they face. In doing so, FIs will not only prove to customers and stakeholders their commitment to data protection and security but this will also be help them to avoid the monetary damages that could be imposed by regulators if a breach was to take place.

 

Continue Reading

Magazine

Trending

Business2 days ago

What Every Small Business Should Do

The majority of the difficulties associated with establishing a business stem from failing to accomplish the small things correctly. The...

Business2 days ago

5 Ways That Businesses Can Get the Most Out of Their Digital Marketing

Everyone knows that the world of marketing has been changing for the last two or three decades. The days of...

News2 days ago

Transact365 launches seamless cross border payments in India

Transact365 enables merchants to transact locally in India Merchants can partner directly with Transact365 without needing to source local partners...

Banking2 days ago

Cloud technology in banking: Why adoption is on the rise

Alpesh Tailor, Executive Director at digital transformation specialist GFT   The banking sector has never shied away from innovation, whether...

Technology2 days ago

A Smarter World: What role will electronics play in 2022

There has been a sharp increase in technology and devices designed to make our lives simpler, faster and more productive...

Business2 days ago

Top 4 Electronics Development from 2021

Phil Simmonds, Chief Executive Officer of EC Electronics.   As we embark on a new year of business, it is a good time to...

Top 102 days ago

Investing in workforce intelligence now, leads to an optimised tomorrow

Michael Cupps (Senior VP, Marketing, ActiveOps) discusses four critical ways in which a new world of workforce data improves organisational...

CRACKING THE CRYPTO CODE CRACKING THE CRYPTO CODE
Business2 days ago

The Evolution and Challenges of Crypto Regulation

Cryptocurrency regulations are evolving quickly around the globe with authorities responding to developing risks professed by criminals exploiting the latest payment...

News2 days ago

Europe’s first blockchain neobank, BENKER, opens for pre-registration

BENKER(http://www.benker.io/) is to become the first officially licensed blockchain neobank launched in Europe following approval by the Bank of Lithuania under the Electronic Money Institution...

Technology5 days ago

AI-Powered Fraud Prevention for Digital Transactions

By Martin Rehak, CEO of Resistant AI Fraud is on the rise, thanks to the rapid escalation of digital channels...

Top 105 days ago

The future of retail trading

Joe Jowett, CEO of StrikeX   The 2020s look set to be the decade of the retail trader. As the...

Business5 days ago

Dissecting the expansion of online checkouts

Daniel Kornitzer, Chief Business Development Officer   Card payments have long existed as the preferred payment method for online consumers....

Business5 days ago

How bug bounty programs can help financial institutions be more secure

Rodolphe Harand, Managing Director at YesWeHack   Financial services have been one of the most heavily targeted industries by cybercriminals...

Business5 days ago

Resolving the unintended friction of Web 3.0

Marten Nelson, CEO, M10 Networks   Media is buzzing about Web 3.0 and the metaverse. Companies and investors are scrambling to get...

Wealth Management5 days ago

Predictions for Alternative Data in 2022

Neil Chapman, CEO of Exabel   2021 saw various firsts for alternative data. The $1.6bn flotation of SimilarWeb evidenced the...

News5 days ago

Why Zero Trust and securing the supply chain is key to post-pandemic recovery

Jim Hietala, Vice President, Business Development and Security at The Open Group   Banking and finance have grown to provide...

Finance5 days ago

Five predictions set impact the finance teams in 2022

By Rob Israch, GM Europe at Tipalti   The CFO now has a very different set of responsibilities in comparison...

Finance5 days ago

Three ways to reduce uncertainty in financial services marketing

By Patrick Costello, Senior Product Strategy Director, Optimizely    According to Bain & Company, uncertainty is one of the key factors affecting marketing...

Banking6 days ago

Bringing Automation to Banking

Ron Benegbi, Founder & CEO, Uplinq Financial Technologies   Automation is everywhere you look these days; from supermarkets to warehouses...

Finance6 days ago

Why financial services is stepping into a new era

by James Mingard, Head of Retail & Finance at Maintel   When comparing industries, financial services has arguably fallen behind when...

Trending